Overview
There may be times when you must rebuild the Blumira sensor software and either reinstall it on the same server it was already running on or migrate the sensor to a new host if the old one is being deprecated.
You can generate a fresh build of your sensor image while retaining the sensor name and ID, as well as all sensor configurations, including the modules you already configured for log collection. This can save you the time and effort of starting with a new Blumira sensor configuration and having to redo your integrations.
Note: Although we designed sensor reinstallation to minimize disruption on an actively-used sensor during the rebuild process, it is possible that a small number of log messages (especially those using regular UDP-based Syslog) may be lost during the upgrade of a running sensor.
When to rebuild and reinstall a Blumira sensor
You should only rebuild a Blumira sensor in the following circumstances:
- The original Blumira sensor install script expired before you successfully installed the sensor on your Ubuntu host.
- You can no longer use the host it is currently running on and need to migrate the sensor onto a new host server.
- You were instructed to or otherwise need to upgrade the core sensor software manually.
Note: The existing sensor will be unaffected until you run the installation script on the sensor host, at which time migration will occur (if a running sensor is detected).
Migrating a sensor to a new host
Unlike reinstalling in place, moving an existing sensor that is currently collecting logs onto a new host can be very lossy, depending on the volume of logs being processed by the sensor and how quickly you install it on the new host. You can avoid a gap in data by instead creating a new host and a new sensor, and then manually reconfiguring your integrated log sources to use the new sensor. However, this approach can be more time-consuming, and sensor modules will re-fetch all history, leading to duplicate logs in the system for that data type and history time window.
Preparing to migrate a sensor
Before you can migrate an existing sensor onto a new server, you must first ensure you have a new virtual host ready to use.
Tip: To avoid additional work reconfiguring your log sources, ensure that you continue to use the same IP address for the new host as was used for the old host.
To prepare a new host for your existing sensor:
- Stop the old sensor. This way you can re-use the same IP address on the new host.
- Create a new VM with Ubuntu 22.04 by following the steps in Preparing an Ubuntu host.
- Complete Steps 1 through 3 only of Building and installing a new sensor on the host. Do not proceed to Step 4 of that section.
- Follow the steps below to redeploy the sensor on the new VM using the same IP address.
Procedure
To rebuild and install the Blumira sensor:
- If your organization restricts outbound traffic, ensure that you allowlist the URLs provided in Allowlisting outbound traffic for Blumira sensors on your firewall.
- In Blumira, navigate to Settings > Sensors.
- Click the sensor that you want to update.
- Click View details.
- Click Rebuild Sensor.
- When prompted, click Rebuild.
- From the email you receive, copy and run the provided command on your host to complete the installation with the new sensor image.
Note: You can also copy the script from the Installation Instructions section on the Sensor details page when the image is ready. The script expires after 7 days and will not appear in the app after it has expired.
- When the install script successfully completes, a Docker container that contains the sensor stack appears on your host.
- Reboot the host after the installation script has finished running. Until then the sensor will show online, but the modules will remain in an unknown state.